CSAM: The Threat

So, who are the bad guys in this drama, what do they want with us, and how are they going about doing it? A number of major companies now publish data about the various threats, including Verizon, Kaspersky Labs, McAfee, FireEye and others. The FBI publishes a 10 Most Wanted list for cybercriminals, and most people agree on the categories and characteristics of the various threat types, but beyond that it is hard to come by exact numbers.

What we do know more about is how attacks happen and who the targets are. Kaspersky claims that in 2014 its network detected and neutralized over 6 billion threats and 1.5 billion attacks, launched from almost 9 million distinct computer hosts and using more than 120 million discrete malicious objects. One reason attacks have become so pervasive is that perpetrators use automated techniques to vary their code, making it harder for anti-virus software to rely on signatures alone for detection. Verizon says that 70% – 90% of malware samples are unique to a single organization as a result of these “polymorphic” techniques.

McAfee says that almost 80% of network attacks fall into one of three categories: denial of service, brute force (generally, attacks that guess passwords), and browser-based attacks. According to the Verizon 2015 Data Breach Investigations Report, the share of external attacks has remained relatively constant over the past 5 years at about 85% of all attacks, meaning that internal attacks account for about 15%. Phishing and RAM scrapers (used in the Target and other point-of-sale attacks) are the fastest-growing types of attack over that period, while spyware and keyloggers have declined significantly. Cyren reports that in 2014 it saw:
  • 159% increase in malware URLs
  • 233% increase in phishing URLs
  • 50% increase in average daily number of emails containing malware – from 1.69 to 2.5 billion
  • 30% decline in the average daily amount of spam from 78.2 billion to 54.6 billion

which is consistent with most other reports that phishing is one of the biggest problems we face. In fact, the Verizon report indicates that more than 2/3 of cyber-espionage attacks include phishing, a number that jumps to 95% of attacks attributed to state-sponsored actors. The report says that 23% of recipients now open phishing messages and 11% click on attachments, half within the first hour after a phishing e-mail is received, and some within the first couple of minutes. It takes a phishing campaign of only 10 e-mails to give the perpetrator a better than 90% chance of finding a victim.
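The “10 e-mails” figure follows from a simple model, shown here as an added worked calculation that is not part of the Verizon report or the original post. Assume each recipient falls for the message independently with probability p; the chance that at least one of n recipients does so is

$$P(\text{at least one victim}) = 1 - (1 - p)^n$$

With the 23% open rate quoted above and n = 10, this gives

$$1 - 0.77^{10} \approx 1 - 0.073 \approx 0.93$$

which reproduces the “better than 90%” claim. Using the 11% attachment click rate instead gives 1 − 0.89^10 ≈ 0.69, so the headline figure is driven by the open rate. The same formula shows why awareness training matters for defenders: halving p from 0.23 to 0.115 drops the 10-e-mail success chance to about 0.71, and the attacker needs roughly twice as many messages (each one a detection opportunity for mail filtering and reporting) to get back above 90%.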

The data on insider misuse of information is also disheartening. In a survey conducted by Symantec and the Ponemon Institute in 2009, over half of ex-employees admitted to stealing company data. While not all insider “attacks” are malicious (many are honest mistakes, or cases where employees become unwitting accomplices), the threat of data leakage has become a major issue.

On the positive side, the anticipated threat to mobile devices seems to be less than some had feared. The Verizon report says that only 0.03% of mobile devices were infected with malicious exploits (as opposed to merely annoying adware), a “negligible” number unless you are one of the 20-30,000 devices infected per month. Almost all of those infections were on Android devices (96%), and much of the suspicious activity seen on iOS devices actually represented failed attacks targeted at Android.

Finally, the types of attack vary widely by industry sector, with this chart from the Verizon report showing some interesting patterns (in the hotel industry, 91% are point-of-sale attacks, while for manufacturing 94% are either crimeware or cyber-espionage).

[Chart: attack types by industry sector, from the Verizon 2015 Data Breach Investigations Report]

So what can you take away from all this data? The people responsible for these cyber-threats are clever and adapt quickly to changing defenses. But some threats have been reduced, and others are not as prevalent as we feared. People are still the weakest link, both as a threat and as an attack vector. Good cyber hygiene remains your best bet. Do the easy stuff: be aware, don’t click on suspicious links, use strong passwords and change them regularly, and keep your systems updated. The technology is getting better, as long as you don’t do things to undermine its effectiveness.
